Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-1292 | Cross-Site Scripting vulnerability in CartWIZ: Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. network elemental-software | 4.3 |
2005-05-02 | CVE-2005-1290 | Cross-Site Scripting vulnerability in phpBB: Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. network phpbb-group | 4.3 |
2005-05-02 | CVE-2005-1289 | Unspecified vulnerability in E-Cart 2004 1.1: index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. | 7.5 |
2005-05-02 | CVE-2005-1288 | Remote Security vulnerability in ACS Blog inc_login_check.asp: ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. | 7.5 |
2005-05-02 | CVE-2005-1286 | Local Security vulnerability in Softwin Bitdefender Antivirus Professionalplus8/Standard8: Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. | 1.2 |
2005-05-02 | CVE-2005-1284 | Unspecified vulnerability in Argosoft Mail Server 1.8.7.6: The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | 7.5 |
2005-05-02 | CVE-2005-1282 | HTML Injection vulnerability in Argosoft Mail Server 1.8.7.6: Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. network argosoft | 4.3 |
2005-05-02 | CVE-2005-1280 | Denial Of Service vulnerability in tcpdump RSVP Decoding Routines: The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | 5.0 |
2005-05-02 | CVE-2005-1279 | Denial Of Service vulnerability in tcpdump LDP Decoding Routines: tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. | 5.0 |
2005-05-02 | CVE-2005-1278 | Denial Of Service vulnerability in tcpdump ISIS Decoding Routines: The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. | 5.0 |